Originally Posted by serpens
(Post 28614387)
Canarsie, I believe your advice is spot-on, and I have no better alternatives to offer. On the other hand, I believe your advice would not work in all situations, due to disinterested or dysfunctional organizations. I also noted that I might, in a situation where a large number of points disappeared, panic and take some action, even if that action might turn out to be against my interest, and I would not be surprised if others might act similarly.
...and my initial thought is that if a company is so disinterested or dysfunctional to the point that it is more of a disadvantage than a benefit to me, I might perhaps reconsider conducting business with that company if I have other options available to me. Fortunately — by my experience, anyway — Hilton is not one of those companies... |
Originally Posted by serpens
(Post 28614387)
Canarsie, I believe your advice is spot-on, and I have no better alternatives to offer. On the other hand, I believe your advice would not work in all situations, due to disinterested or dysfunctional organizations. I also noted that I might, in a situation where a large number of points disappeared, panic and take some action, even if that action might turn out to be against my interest, and I would not be surprised if others might act similarly.
Yes, the sooner you report the issue the easier it would be to track down the culprit, but so far, all reports I've read have resulted in the points being returned. If you have a need to use those points soon, you may have problems getting them to advance what is expected to be returned, but worth asking. |
Originally Posted by RogerD408
(Post 28615163)
My guess (hope) is that you got a disinterested agent. Some companies do hide their internal groups, like security, from the customer. This leaves us to deal with someone that has no say in what the other group does or when, and if they have no means to access them or put you in touch with them it's bad. If you were able to reach out to the agent working your case, I'd bet your experience would be much better.
Yes, the sooner you report the issue the easier it would be to track down the culprit, but so far, all reports I've read have resulted in the points being returned. If you have a need to use those points soon, you may have problems getting them to advance what is expected to be returned, but worth asking. Loyalty programs are membership benefits being adapted and built up more by many companies for their loyal customers and early adapters of these programs have large amounts of credit that is being targeted by cyber criminals. I hope to see more safeguards around these programs to protect the digital assets of their members. |
Account Hacked! 58k points transferred
So has anyone had their Hilton account broken into? I got a email saying that I had transferred 58k points to another account which I didn't. I've called to report it and a case was started (though I didn't get the follow up email yet for the affidavit). Any one know how long it takes to get your points back? I was looking to use them and now it's all gone (hopefully for now)!
|
There really does seem to be an uptick again of hacked accounts, everytime I see a new thread I go and check my account. Makes me think I need to spend some points...
|
Originally Posted by NOLAnwGOLD
(Post 28628480)
So has anyone had their Hilton account broken into? I got a email saying that I had transferred 58k points to another account which I didn't. I've called to report it and a case was started (though I didn't get the follow up email yet for the affidavit). Any one know how long it takes to get your points back? I was looking to use them and now it's all gone (hopefully for now)!
|
I had 960K points hacked last week on the 25th and just like you they did the points transfer to an airline. On Friday Hilton restored my points and gave me a new HHonors account number. So it took me 72 hours.
|
Just an update:
I got my 960K points restored to a new HHonors account number. The whole process took 72 hours. Very pleased with the results. |
I'm glad this bad situation had a good outcome, gauntlet3h.
|
Originally Posted by Miesque
(Post 28630302)
There really does seem to be an uptick again of hacked accounts, everytime I see a new thread I go and check my account. Makes me think I need to spend some points...
Information from more than a dozen people in Hilton Honors Customer Care, the Diamond Desk and Guest Assistance indicates that there has been a substantial uptick in theft of points over the past couple of weeks and that the fraud was in most cases carried out through points.com . Hilton seems to be following their usual procedure of looking into the cases and refunding the points within two weeks. However, no word at all from the company of the extent of the fraud. Neither have they made any public mention of it, or what members who escaped harm this time might do to protect themselves from an attack using the same method or something similar. I understand they've asked people who had points stolen to change the preferred email address on their account. There also does not appear to be any movement toward enhancing security on Honors accounts beyond the current requirement of an online password, or, in the case of phone contact, verifying the member's name plus two of their email address, phone number or Honors account number. |
I just noticed Delta.com has a new advisory alert on front page this morning -
Advisory! - Protect Your Data Which leads me to believe there is a similar recurrence over at Delta with redemptions. |
Originally Posted by Miesque
(Post 28630302)
There really does seem to be an uptick again of hacked accounts, everytime I see a new thread I go and check my account. Makes me think I need to spend some points...
1) The points.com route for the recent theft of points appears to be combined with or in addition to an exploit of the new points pooling function. Multiple target Honors accounts are set to share points with [what is probably] a perpetrator's account from which the points are then redeemed. 2) Hilton announced to their reps today that the tie up with Amazon that will allow Honors points to be used on Amazon is now delayed indefinitely. I think it no coincidence. It appears likely that the recent wave of thefts was a test run and that a much larger exploit would be unleashed once the stolen points could be used on Amazon. |
Originally Posted by retiredfromhilton
(Post 28634172)
Two further updates from reps at Hilton:
1) The points.com route for the recent theft of points appears to be combined with or in addition to an exploit of the new points pooling function. Multiple target Honors accounts are set to share points with [what is probably] a perpetrator's account from which the points are then redeemed. 2) Hilton announced to their reps today that the tie up with Amazon that will allow Honors points to be used on Amazon is now delayed indefinitely. I think it no coincidence. It appears likely that the recent wave of thefts was a test run and that a much larger exploit would be unleashed once the stolen points could be used on Amazon. |
Originally Posted by retiredfromhilton
(Post 28633297)
Information from more than a dozen people in Hilton Honors Customer Care, the Diamond Desk and Guest Assistance indicates that there has been a substantial uptick in theft of points over the past couple of weeks and that the fraud was in most cases carried out through points.com . Hilton seems to be following their usual procedure of looking into the cases and refunding the points within two weeks. However, no word at all from the company of the extent of the fraud.
Neither have they made any public mention of it, or what members who escaped harm this time might do to protect themselves from an attack using the same method or something similar. I understand they've asked people who had points stolen to change the preferred email address on their account. There also does not appear to be any movement toward enhancing security on Honors accounts beyond the current requirement of an online password, or, in the case of phone contact, verifying the member's name plus two of their email address, phone number or Honors account number. With many sites now using an email address as the account name, it's not far fetched to think the user will use their email password for access. This causes a cascading failure should they get hacked. Personally, I use separate addresses for each account even if it's not the username so I can see who's feeding my address to spammers. |
Originally Posted by retiredfromhilton
(Post 28633297)
Information from more than a dozen people in Hilton Honors Customer Care, the Diamond Desk and Guest Assistance indicates that there has been a substantial uptick in theft of points over the past couple of weeks and that the fraud was in most cases carried out through points.com . Hilton seems to be following their usual procedure of looking into the cases and refunding the points within two weeks. However, no word at all from the company of the extent of the fraud.
Neither have they made any public mention of it, or what members who escaped harm this time might do to protect themselves from an attack using the same method or something similar. I understand they've asked people who had points stolen to change the preferred email address on their account. There also does not appear to be any movement toward enhancing security on Honors accounts beyond the current requirement of an online password, or, in the case of phone contact, verifying the member's name plus two of their email address, phone number or Honors account number. |
All times are GMT -6. The time now is 12:15 pm. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.